US government warns about cyber bug in Intel chips

The Department of Homeland Security in Washington DC has advised PC users to review Intel's warning, which includes a software tool to check if they have a vulnerable chip.

The US government has urged people to act on an Intel alert about flaws in a number computer chips used in millions of machines.

The guidance was issued a day after Intel said it had identified vulnerabilities in its Management Engine remote access software.

Industry researchers are scrambling to understand the impact on private data of the newly disclosed security risk, which affects eight types of processors.

Scroll down for video 

The US government has urged businesses to act on an alert about flaws in a number of widely used CPUs, including the seventh generation of Intel's Core processors (pictured). The firm identified vulnerabilities in its Management Engine remote access software

The US government has urged businesses to act on an alert about flaws in a number of widely used CPUs, including the seventh generation of Intel's Core processors (pictured). The firm identified vulnerabilities in its Management Engine remote access software

WHICH PROCESSORS ARE AFFECTED?

- Sixth, seventh and eighth generation Intel Core processors

- Intel Xeon E3-1200 v5 and v6 processors

- Intel Xeon Scalable processors

- Intel Xeon W processors

- Intel Atom C3000 processors

- Apollo Lake Intel Atom E3900 series

- Apollo Lake Intel Pentiums

- Celeron N and J series processors

The Department of Homeland Security advised computer users to review the warning from Intel, which includes a software tool that checks whether a computer has a vulnerable chip. 

It also urged them to contact computer makers to obtain software updates and advice on strategies for mitigating the threat.

Security experts said that it was not clear how difficult it would be to exploit the vulnerabilities to launch attacks, though they found the disclosure troubling because the affected chips were so widely used. 

For a remote attack to succeed, a vulnerable machine would need to be configured to allow remote access, and a hacker would need to know the administrator's user name and password.  

Attackers could break in without those credentials if they have physical access to the computer.

Intel has said that it knew of no cases where hackers had exploited the vulnerability in a cyber attack.

'These vulnerabilities affect essentially every business computer and server with an Intel processor released in the last two years,' said Jay Little, a security engineer with cyber consulting firm Trail of Bits.

Intel spokeswoman Agnes Kwan said the company had provided software patches to fix the issue to all major computer manufacturers, though it was up to them to distribute patches to computers users. 

Intel says the company has provided software patches to fix the issue to all major computer manufacturers. Dell's support website offered patches for servers, but not laptop or desktop computers, at the time of publication

Intel says the company has provided software patches to fix the issue to all major computer manufacturers. Dell's support website offered patches for servers, but not laptop or desktop computers, at the time of publication

Processors affected include sixth, seventh and eighth generation Intel's Core processors, Xeon E3-1200 v5 and v6, scalable and W processors, Atom C3000 processors, Apollo Lake Atom E3900 and Pentium and Celeron N and J series processors.

Dell's support website offered patches for servers, but not laptop or desktop computers, at the time of publication.

Lenovo offered fixes for some servers, laptops and tablets and said more updates would be available Friday. 

HP posted patches to its website on Tuesday evening. 

Security experts noted that it could take time to fix vulnerable systems because installing patches on computer chips is a difficult process.

'Patching software is hard. Patching hardware is even harder,' said Ben Johnson, co-founder of cyber startup Obsidian Security.